10-37
IPv4 Access Control Lists (ACLs)
Planning an ACL Application
■
Every IPv4 address and mask pair (source or destination) used in an
ACE creates one of the following policies:
•
Any IPv4 address fits the matching criteria.
In this case, the
switch automatically enters the address and mask in the ACE. For
example:
access-list 1 deny any
produces this policy in an ACL listing:
This policy states that every bit in every octet of a packet’s SA is a
wildcard, which covers any IPv4 address.
•
One IPv4 address fits the matching criteria.
In this case, you
provide the address and the switch provides the mask. For example:
access-list 1 permit host 10.28.100.15
produces this policy in an ACL listing:
This policy states that every bit in every octet of a packet’s SA must
be the same as the corresponding bit in the SA defined in the ACE.
•
A group of IPv4 addresses fits the matching criteria.
In this case
you provide both the address and the mask. For example:
access-list 1 permit 10.28.32.1 0.0.0.31
This policy states that:
–
In the first three octets of a packet’s SA, every bit must be set the
same as the corresponding bit in the SA defined in the ACE.
–
In the last octet of a packet’s SA, the first three bits must be the
same as in the ACE, but the last five bits are wildcards and can
be any value.
■
Unlike subnet masks, the wildcard bits in an ACL mask need not be
contiguous. For example, 0.0.7.31 is a valid ACL mask. However, a
subnet mask of 255.255.248.224 is not a valid subnet mask.
Address
Mask
0.0.0.0
255.255.255.255
Address
Mask
10.28.100.15
0.0.0.0
Address
Mask
10.28.32.1
0.0.0.31
Summary of Contents for HP ProCurve Series 6600
Page 2: ......
Page 6: ...iv ...
Page 26: ...xxiv ...
Page 102: ...2 48 Configuring Username and Password Security Password Recovery ...
Page 204: ...4 72 Web and MAC Authentication Client Status ...
Page 550: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Page 612: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Page 734: ...14 44 Configuring and Monitoring Port Security Operating Notes for Port Security ...
Page 756: ...16 8 Key Management System Configuring Key Chain Management ...
Page 776: ...20 Index web server proxy 14 42 webagent access 6 6 wildcard See ACL wildcard See ACL ...
Page 777: ......